← All calculators
HIPAA · FREE TOOL

HIPAA Penalty Calculator

OCR penalties scale by culpability tier and annual cap. The 2019 HHS notification capped the annual maximum at $1.5M for the worst tier — but recent inflation adjustments push 2024 maximums to $63,973 per violation and $1,919,173 annual cap for willful neglect (uncorrected). Use this tool to estimate exposure for a single incident or a recurring control failure.

Each affected individual can count as a separate violation.
Raw exposure (per-violation max × N)
$68.93M
Max $69K per violation, 1,000 violations.
After annual cap
$2.07M
Capped at $2.07M (HHS 2024 annual cap, per identical provision).
Run my free compliance auditGenerate policies

How this is calculated

45 CFR §160.404
Four-tier civil monetary penalty structure.
HITECH Act §13410(d)
Statutory tier definitions adopted by HHS in 2009.
HHS Notification 2024 inflation adjustment
Annual updates to per-violation minimums/maximums and annual caps.

Things people get wrong

Real enforcement examples

Anthem Inc.
$16M
Largest HIPAA settlement in history — 78.8M records breached
Premera Blue Cross
$6.85M
11M-record breach + risk-analysis + access-controls failures

FAQ

What are the 4 HIPAA penalty tiers?
Tier 1 (lack of knowledge), Tier 2 (reasonable cause and not willful neglect), Tier 3 (willful neglect, corrected within 30 days), Tier 4 (willful neglect, not corrected). Each has its own minimum, maximum, and annual cap.
Are HIPAA fines per record or per incident?
Each affected individual or each day of non-compliance can count as a separate violation. OCR has discretion — Anthem ($16M for 79M records), Premera ($6.85M for 10.4M records), and Excellus ($5.1M) were all assessed under this multiplier.
Does OCR always go to the maximum?
No. OCR weighs nature/extent of violation, harm to individuals, history of compliance, financial condition, and other factors. Most settlements land well below the cap — but the cap is the ceiling for board-level risk modeling.

Related

HIPAA audit →GDPR Fine CalculatorData Breach Cost CalculatorCCPA / CPRA Penalty CalculatorSOC 2 Audit Cost Calculator